Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Security Scanner malware that resembles MS Security [Solved]

highland403

Posted 15 February 2012 - 02:59 PM

highland403

Member

Member

224 posts

I googled 'handmade sympathy cards' and then clicked on google's images tab to view examples of cards. I clicked on 4 or 5 cards to view the website associated with the card and then I started getting warnings from something called Security Scanner. It has a shield that looks similar to an MS security shield but slightly different. It keeps popping up and saying I have 17 infections and asking if I want to get rid of them. It won't take no for an answer.

I have tried, without any results, to run the 3 different versions of OTL, the 3 versions of exehelper, the 5 versions of rkill and Vipre Rescue. I have also tried running SUPERAntiSpyware Portable Scanner. I put it on a flash drive and clicked on it but Security Scanner says it is infected and won't let it open. I tried restarting the computer with SAS still in the usb drive, but that didn't start it, so I may have done something wrong there.

Security Scanner also won't let me on the internet. It says IE is trying to send my credit card information to parts unknown. However, I know for a fact there is no credit card info on this computer.

Please help me remove this scurvy dog from my computer. Thanks in advance!

Error - 2/23/2012 7:56:35 PM | Computer Name = RENEE | Source = Service Control Manager | ID = 7031Description = The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

maliprog

Posted 25 February 2012 - 12:16 AM

highland403

Posted 25 February 2012 - 04:19 PM

highland403

Member

Topic Starter

Member

224 posts

While I was in the waiting room, I noticed that Security Scanner had stopped popping up even though I hadn't done anything to get rid of it. I have run all of the programs that you said to and so far Security Scanner hasn't popped up.

By the way, you had asked that I zip MBR.dat and post it. I don't have a zip program on my computer unless XP has one that I am not aware of. If you still need that file zipped and posted, please let me know how to zip it.

When you looked through the logs I posted, were you able to determine if Security Scanner had been removed?

maliprog

Posted 26 February 2012 - 05:06 AM

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

Click Start, click Run, type sysdm.cpl, and then press ENTER.

Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.